1. Field of the Invention
The present invention is related to authentication in server systems serving multiple customers, and more specifically to an authentication system that reduces the number of authentication access points by passing through authentication requests that do not meet specific criteria to the next authentication access point.
2. Description of Related Art
Authentication in server systems providing support for multiple customers are typically constructed using a serial authentication model. For example, in Lightweight Directory Access Protocol (LDAP) as implemented in the JAVA Authentication and Authorization Service (JAAS), each authentication access point necessarily tests for authenticity and/or authorization of each access, as a failed authentication request is rejected by the access point. (JAVA is a trademark of Sun Microsystems, Inc.) Therefore, JAAS-based authentication systems are configured sequentially and to some degree hierarchically, since in order for an access attempt to pass to the last possible authenticator, the access attempt has to be “chained” through each of the preceding authenticators.
Such authentication structures are subject to tampering or hijack threats in which an either legal or illegal access to administration of one of the LDAP authenticators permits the hijacker to inserter (and therefore authorize) a user id that, for example, has privileges on a host serving all of the customers, has privileges at a global administrative level, or has privileges within another customer's application level. Further, if logging is enabled at an LDAP instance, the accesses to a downstream customer's application level may be logged by an upstream LDAP instance that belongs to another customer, exposing information about user IDs, times of access and other information, such as IP addresses, that may be considered proprietary to the other customer.
Sequential authentication structures are also more susceptible to denial-of-service (DoS) attacks in general, since an attack on one LDAP instance early in the chain can block accesses to downstream LDAP instances.
Therefore, it would be desirable to provide a sequential authentication model that does not expose proprietary information between customers, that avoids providing access to a particular LDAP's managed identities through administration of another LDAP, and has improved immunity to DoS attacks.